• KPMG: The Indictments

    By • Feb 10th, 2018 • Category: Pure Content, The Case Against The Auditors

    On January 22, the SEC and Department of Justice announced civil and criminal charges against five former KPMG executives —two of whom had previously been working for the PCAOB—and one more former PCAOB professional who didn’t make it to the promised land before the jig was up.

    About a week after the initial story hit last April, I wrote, “KPMG Takes Its Turn With a Big 4 -Sized Scandal.”

    At that time I rounded up the coverage including highlighting the initial scoop that broke the story at the Wall Street Journal.  I also wrote that it was quite odd that KPMG was so sure that the whole mess had not affected the integrity of any audits.

    KPMG also says, “This issue does not impact any of the firm’s audit opinions or any client’s financial statements.”

    I find that odd,  unless all of the terminated partners were leadership/national office partners, currently not assigned to lead engagements.  The two names revealed so far—Scott Marcello, the head of the United States audit practice and David Middendorf head of of the national office— do not appear to have been assigned as lead partners on any audits for 2016, based on the new PCAOB engagement partner database.

    If that is the case, these non-client facing partners could still impact audit opinions or financial statements because they, perhaps, used the inspection information not directly for their own personal benefit but to warn or advise engagement teams to backdate workpapers, clean up files or otherwise cover up audit failures before the PCAOB caught them.The PCAOB says that when a firm does not provide sufficient evidence to support its audit opinion, then the opinion should not have been issued at all.

    That would be an audit failure in my book.

    The original WSJ article did not speculate about the civil, criminal or professional penalties that could be imposed by the SEC, PCAOB or the Department of Justice. About a week later I wrote here, “More on KPMG and the Precedents for Possible Punishment,” speculating on the possible charges and making the case for criminal charges.

    I thought the KPMG case was eerily similar to another recent one. That case resulted in a trial for the perpetrator and significant fines for the firm that allowed stolen regulatory information to be used inappropriately by its employees.

    If you are surprised by my mention of potential criminal penalties you should not be. This case mirrors the 2014 case where in 2014 a junior Federal Reserve Bank of New York employee leaked “a regulatory gold mine,” according to a New York Times article, to a junior Goldman employee who was a former New York Fed employee himself.

    What are they teaching—or not teaching— in the universities these days?

    According to a NY Times report, the Fed said the confidential information stolen included reports of bank examinations and other “confidential reports prepared by banking regulators.” Goldman Sachs, the Fed said, illegally used the information in presentations to current and prospective clients “in an effort to solicit business.”

    Goldman Sachs, like KPMG, not the New York Fed, or the PCAOB in this case, uncovered the leak. Goldman fired the recipient of the leaked info and an executive who supervised him who they said had “failed to properly escalate” the problem. The New York Fed fired the leaker employee and notified law enforcement agencies.

    Rohit Bansal, the Goldman Sachs employee who prosecutors say instigated the theft by his friend Jason Gross, the NY Fed employee, pleaded guilty to a misdemeanor for obtaining about 35 documents on about 20 occasions from his partner in crime. Bansal escaped a jail sentence but was sentenced to two years probation, 300 hours of community service and a $5,000 fine. Gross pleaded guilty to a misdemeanor and was sentenced to a year’s probation.

    Goldman paid a $50 million penalty to New York State regulators because its “management failed to effectively supervise” and paid another $36.3 million to the Federal Reserve Board, the central bank authority, because it is “illegal to use or disclose confidential supervisory information without prior approval.”

    Joseph Jiampietro, the former managing director at Goldman Sachs’ investment banking division and Bansal’s supervisor, sued Goldman Sachs for failing to pay at least $350,000 in legal fees he incurred defending himself.

    My colleagues at the WSJ followed up in April with a profile of “straight out of central casting,” and “the exact opposite of flashy,” Scott Marcello, the head of KPMG’s US audit practice. He was fired in April along with his deputy David Middendorf, three more partners, and a staff person, according to a statement at the time from KPMG.

    KPMG said in the statement, “The firm learned through the investigation that the six KPMG individuals either had improper advance warnings of engagements to be inspected by the PCAOB, or were aware that others had received such advance warnings and had failed to properly report the situation in a timely manner.”

    Six means Marcello, too. However, when the SEC and DOJ charges were made public on January 22, Marcello’s name was nowhere to be found. There was no mention of any sanctions or charges against KPMG the firm, either.

    KPMG clients whose audits were reviewed and revised by KPMG partners based on use of the stolen inspection data —the DOJ said at least seven banks were affected —were not named, despite some pretty detailed descriptions of them and how the integrity of their audits and the regulatory process had allegedly been undermined.

    The Wall Street Journal’s Dave Michaels asked the SEC on a press call that day about Marcello. Another reporter asked about charges against KPMG.  I asked about inherent contradiction of alleging KPMG’s audit leadership, its process and several audits were severely compromised but yet the companies and investors could still trust KPMG and their audit opinions.

    But the SEC lead enforcement attorney, Steve Peikin, would only say that the SEC’s Chief Accountant had given his blessing on the audits and that the investigation was ongoing so additional individuals or entities could still be charged.

    We did find out the rationale for the criminal charges from the DOJ complaint—a conspiracy—and the names of the rest of those fired from KPMG and the name of another person who had been fired from the PCAOB but had never made it to a job at KPMG in return for allegedly selling secrets.

    I wrote for MarketWatch on January 23 that the, “KPMG indictment suggests many who weren’t charged knew regulator data was stolen.”

    That is, the SEC and DOJ complaints implied a whole lot more folks at KPMG, “either had improper advance warnings of engagements to be inspected by the PCAOB, or were aware that others had received such advance warnings and had failed to properly report the situation,” as KPMG described the problem in its April statement.

    The alleged scheme required a joint effort by the named defendants but also the complicity of others in the firm, including partners referred to in the DOJ complaint as Partner-1, Partner-2, Partner-3 and Partner-4 who were explicitly told by Sweet that their audits would be inspected before that formal announcement came from the PCAOB and used that information to fix audits ahead of those inspections, including audits at seven KPMG bank clients.

    In addition to sharing the 2015 list of PCAOB inspections at KPMG with Middendorf, Whittle and Britt, Sweet also told at least one KPMG engagement partner who had not yet received notification from the PCAOB that the partner’s engagement would be subject to inspection, according to the Justice Department. He also showed a 2015 PCAOB inspection planning spreadsheet to additional KPMG partners, using it to explain why the PCAOB had selected certain audits for inspection.

    On Feb. 3, 2017, at Whittle’s direction, Sweet notified several additional partners that their engagements would be inspected, the Justice Department said.

    It wasn’t until early 2017 that another KPMG professional, Partner-5, reported the scheme to his superiors and then to the firm’s general counsel, who reported the misconduct to the regulators, according to the DOJ.

    KPMG had been right, back in April, that no regulator would be willing to add stress to the financial system by suggesting there may be criminal or other serious charges against KPMG or would likely do anything to shake clients’ confidence or investors’ confidence in its audits just because the top tier of its audit practice were fired and now indicted for sharing confidential information that “potentially undermined the integrity of the regulatory process.”

    The SEC’s Chairman Jay Clayton immediately put out a statement meant to assuage any panicked dropping of KPMG by clients or concern in the market about tainted or late audits.

    Based on discussions with the SEC staff, I do not believe that today’s actions against these six individuals will adversely affect the ability of SEC registrants to continue to use audit reports issued by KPMG in filings with the Commission or for investors to rely upon those required reports. I do not expect that these actions will adversely affect the orderly flow of financial information to investors and the U.S. capital markets, including the filing of audited financial statements with the Commission.

    In my story in MarketWatch, Lynn Turner, a former SEC Chief Accountant, said he’s skeptical.

    Former SEC Chief Accountant Lynn Turner is not convinced KPMG’s audits should still be relied upon. “This episode raises a serious question about the culture of the KPMG firm.  Under the circumstances, how can the SEC expect investors to trust KPMG’s audits?” asked Turner.

    “I’m not convinced the SEC has done enough to ascertain that these KPMG audits, especially the seven bank audits, are credible and will be credible in the future,” Turner told MarketWatch in an interview.

    Based on the details about one client provided in the DOJ indictment, I identified one of the clients with 99.999999% certainty.  Why not 100% certainty?  Because neither KPMG nor the client would respond to my request to either confirm or tell me no, definitively.

    Why Ambac was one of the KPMG clients that got a second look after inspection tip-off

    Could that be because KPMG hasn’t told the affected clients and their audit committees why their audits were reviewed and, in some cases, revised after the allowed documentation period or even after the 10K was filed? In the Ambac case KPMG forced an amended 10K to be filed because it decided to withdraw its ICFR opinion as a result, I wrote, of the stolen second-look. I also suspect there are many more partners who used the tip-offs to clean up their audits and are still employed and still signing those audits.














    Email this author | All posts by

    Leave a Reply